Skip to main content
CVE-2023-27479 CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
9.9
EPSS
1.1%
CVE-2023-24775 CRITICAL POC THREAT Act Now

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
19.8%
CVE-2023-24781 CRITICAL POC Act Now

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1253 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Health Center Patient Record Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Health Center Patient Record Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-3760 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med.0.0.58. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mia Med
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-25690 CRITICAL Act Now

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Request Smuggling Authentication Bypass Http Server
NVD
CVSS 3.1
9.8
EPSS
83.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy